HTTP Security Headers

To reduce exposure to man-in-the-middle (MITM) attacks, make sure your HTTP responses include the appropriate security headers. They also help protect your website from attacks such as XSS and code injection.
The simplest way to do this is to create a .htaccess file in your working directory and insert the following directives:
<ifModule mod_headers.c>
# Send HSTS only on HTTPS responses (max-age is one year, in seconds)
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
Header set X-XSS-Protection "1; mode=block"
# Stop browsers from MIME-sniffing the declared Content-Type
Header set X-Content-Type-Options nosniff
# Disallow framing of the site
Header set X-Frame-Options DENY
Header set Referrer-Policy no-referrer-when-downgrade
Header set Content-Security-Policy "frame-ancestors 'none'; font-src https: data:; img-src https: data:;"
# Permissions-Policy entries are separated by commas, not semicolons
Header always set Permissions-Policy "geolocation=(), midi=(), notifications=(), push=(), sync-xhr=(), accelerometer=(), gyroscope=(), magnetometer=(), payment=(), camera=(), microphone=(), usb=(), xr=(), speaker=(self), vibrate=(), fullscreen=(self)"
</ifModule>
* Please adjust each header parameter according to your working environment.
To verify, please visit
To know more about HTTP headers, please visit
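An offline way to check a response against the headers configured above, as an added example that is not part of the original article. The function name `audit_headers`, the check rules and the sample response are constructed for illustration; paste in the header block from your own server's response instead.

```python
import re

# One value check per header from the .htaccess above (rules are this example's own).
CHECKS = {
    "strict-transport-security": lambda v: (
        "ok" if (m := re.search(r"max-age=(\d+)", v)) and int(m.group(1)) > 0
        else "weak: max-age missing or zero"),
    "x-content-type-options": lambda v: (
        "ok" if v.lower() == "nosniff" else "weak: expected nosniff"),
    "x-frame-options": lambda v: (
        "ok" if v.upper() in ("DENY", "SAMEORIGIN")
        else "weak: expected DENY or SAMEORIGIN"),
    "referrer-policy": lambda v: "ok" if v else "weak: empty",
    "content-security-policy": lambda v: (
        "ok" if "frame-ancestors" in v else "weak: no frame-ancestors"),
    # Permissions-Policy separates features with commas; the older
    # Feature-Policy style "a=(); b=()" is not valid syntax for this header.
    "permissions-policy": lambda v: (
        "weak: ';' between features, use ','"
        if re.search(r"\)\s*;\s*[a-z-]+=\(", v) else "ok"),
}

def audit_headers(raw_response: str) -> dict:
    """Return {header: 'ok' | 'missing' | 'weak: ...'} for a raw header block."""
    seen = {}
    for line in raw_response.splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                                # blank line ends the headers
        name, _, value = line.partition(":")
        seen[name.strip().lower()] = value.strip()
    return {h: (check(seen[h]) if h in seen else "missing")
            for h, check in CHECKS.items()}

# Constructed sample response (not captured from a real server).
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Content-Security-Policy: font-src https: data:; img-src https: data:;
Permissions-Policy: geolocation=(); camera=(); fullscreen=(self)

<html></html>"""

if __name__ == "__main__":
    for header, result in audit_headers(SAMPLE).items():
        print(f"{header:28} {result}")
```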